[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cap-talk
Subject:    Re: [cap-talk] Replacing passwords
From:       "Stiegler, Marc D" <marc.d.stiegler () hp ! com>
Date:       2012-03-15 17:56:44
Message-ID: 63601DC9100AAC48812C1985727F3448257700B8 () G9W0343 ! americas ! hpqcorp ! net
[Download RAW message or body]

This is a great list of criteria. It subsumes almost all the criteria in my little decision matrix. The 2 items I would want to add to build a really serious matrix would be a set of functionality criteria for rich sharing, and representation, either as a mechanism for prioritization or as an additional criterion, of the number of cyberthieves the threat exposes you to. I cannot help feeling that attacks like phishing, transcontinental in the risk they expose one to, are much, much more important and worrisome than shoulder surfing. I find the asterisk-filled password field, which leaves me clueless about whether I've committed a typing error with my relatively-long passwords, to be a vastly greater usability threat than security strength. Even if there is a dumb little checkbox I can interrupt my workflow even more to click to toggle off the asterisks, the hiding of my own keystrokes encourages shorter passwords to minimize typing error risk. Does that really make us more s!
 ecure?

--marcs

> -----Original Message-----
> From: cap-talk-bounces@mail.eros-os.org [mailto:cap-talk-
> bounces@mail.eros-os.org] On Behalf Of Ben Laurie
> Sent: Thursday, March 15, 2012 8:54 AM
> To: General discussions concerning capability systems.
> Subject: [cap-talk] Replacing passwords
> 
> People may find this of interest "The quest to replace passwords: a
> framework for comparative evaluation of Web authentication schemes"
> 
> http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf

_______________________________________________
cap-talk mailing list
cap-talk@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
[prev in list] [next in list] [prev in thread] [next in thread]